Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Google Dork: - Date: 2020-08-01 Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested on: Linux Ubuntu 18.04...

Dolibarr ERPCRM 7.0.3 - PHP Code Injection

Dolibarr ERPCRM 7.0.3 - PHP Code Injection Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3...

Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities

Summary Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability. Tested Version...

WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure

Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

The Uber platform coming out of authentication vulnerabilities, exploit the vulnerability can reset any account password-loophole warning-the black bar safety net

Italian security expert Vincenzo C. Aka found the Uber platform authentication vulnerabilities, any account can use this vulnerability to reset the password, this discovery yesterday officially announced. In fact, the initiator of the“authentication crisis”the vulnerability is in the seven months...

LifeSize Room 5.0.9 - Multiple Vulnerabilities

LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...

WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection

Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass Time line: Found 07-Jun-2016, Vendor notified...

CMS Formulasi 2.07 XSS / CSRF / SQL Injection

/ \ / | / \ /000000 | 00 | /000000 | 00 \00/ / \ / \ / \ 00 \ / / \ / \ 00 \00/ / \ / | 00 \ 000000 |/000000 |000000 |0000000 |000000 0000 | 000000 | 00 \ /000000 |/0000000/ 000000 | / 00 |00 | 00/ / 00 |00 | 00 |00 | 00 | 00 | / 00 | 000000 |00 00 |00 | / \00 |/0000000 |00 | /0000000 |00 | 00 |0...

MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445)

No description provided by source. Microsoft DNS Server Remote Code execution Exploit and analysis Advisory: http://www.microsoft.com/technet/security/advisory/935964.mspx This remote exploit works against port 445 also Microsoft RPC api used Author: Mario Ballano mballanogmail.com Andres Tarasco...